Category Archives: Data Security

Senate Committee Passes Data Breach Laws

The U.S. Senate Judiciary Committee passes two bills that establish federal guidelines for data breach notifications.

Two sweeping bills that would set new standards for data breach notifications made their way out of the Senate Judiciary Committee Nov. 5.

The committee voted yes on the Personal Data Privacy and Security Act of 2009 (S.1490) and the Data Breach Notification Act (S.139). The vote means the bills are now headed to the full Senate for its stamp of approval.

via Senate Committee Passes Data Breach Laws.

Express Scripts: 700,000 notified after extortion – Network World

Nearly one year after being hacked by computer extortionists, pharmacy benefits management company Express Scripts now says hundreds of thousands of members may have had their information breached because of the incident.

Last November, the company reported that someone had threatened to expose millions of customer prescription records, but it has come under criticism for being vague about how many of its customers’ records were accessed. Now the company says that about 700,000 have been notified.

via Express Scripts: 700,000 notified after extortion – Network World.

Radisson Hotels reports data breach affecting ‘limited’ number of sites, guests

Radisson Hotels revealed Wednesday that a “limited” number of guests may have had their credit or debit card data stolen, due to a breach of the computer systems at some of the chain’s hotels.

via Radisson Hotels reports data breach affecting ‘limited’ number of sites, guests – Network World.

HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information

The regulations, developed by the HHS Office for Civil Rights (OCR), require health care providers and other HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals. Breaches affecting fewer than 500 individuals will be reported to the HHS Secretary on an annual basis. The regulations also require business associates of covered entities to notify the covered entity of breaches at or by the business associate.

via HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information.

More holes found in Web’s SSL security protocol – Network World

Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.

At the Black Hat conference in Las Vegas on Thursday, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between Web sites and browsers.

via More holes found in Web’s SSL security protocol – Network World.

LexisNexis warns of breach after alleged mafia bust – Network World

Information broker LexisNexis has warned more than 13,000 consumers, saying that a Florida man who is facing charges in an alleged mafia racketeering conspiracy may have accessed some of the same sensitive consumer databases that were once used to track terrorists.

via LexisNexis warns of breach after alleged mafia bust – Network World.

Researchers predict SSNs, crack algorithm putting identities at risk

In their paper, “Predicting Social Security Numbers from Public Data,” researchers Alessandro Acquisti and Ralph Gross said they observed a correlation between an individual’s SSN and their birth data. The duo said they gathered the data from profiles on social networking sites, data brokers, voter registration lists, online white pages and the publicly available Social Security Administration’s Death Master File.

via Researchers predict SSNs, crack algorithm putting identities at risk.

Trojan Swipes FTP Credentials for Major Companies in Malware Attack

Security researchers have uncovered a cache of stolen FTP credentials belonging to a variety of corporations, including Symantec, McAfee, Amazon and the Bank of America.

via Trojan Swipes FTP Credentials for Major Companies in Malware Attack.

IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering

A researcher at IBM reports having developed a fully homomorphic encryption scheme that allows data to be manipulated without being exposed. Researcher Craig Gentry’s discovery could prove to be important in securing cloud computing environments and fighting encrypted spam.

via IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering.

Out of business, Clear may sell customer data – Network World

Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else’s hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.

via Out of business, Clear may sell customer data – Network World.

Now this is interesting – you pay a company an annual fee (in this case $199) and then give them your sensitive data (very sensitive data), then they think it is THEIR data and just feel they have a right to SELL it – simply amazing world we live in …